Traditionally, purchases made with a credit or debit card have been completed by swiping the credit or debit card through a merchant's point of sale (POS) device. POS devices currently in use typically have a magnetic reader that reads the account information from the card when the card is swiped through the reader, such as a personal account number and an expiration date. This account information is then transmitted over a wired or wireless network to a payment service provider for processing. Purchases are also made without using a POS terminal directly. For example, a customer may telephone a merchant and provide credit or debit card information verbally. Purchases may also be completed over the internet, a practice that is becoming more common, by providing credit or debit card information to a web server through a web site. Because account information is contained on the credit or debit card itself, unauthorized use is difficult to prevent if the card owner does not have physical control over the card and has not notified the card issuer that the card has been lost or stolen.
More recently, the information typically gathered from the magnetic strip on a credit or debit card has been made available on electronic devices that can be detected by POS devices without physical contact. In such systems, a POS device may use near field communications (NFC) to detect information on a customer's electronic device. Customer devices that may be used to contain and transmit account information include mobile telephones, personal data assistants (PDAs), and passive devices such as radio-frequency identification (RFID) tags. In these implementations, the customer's actual account numbers are contained on the electronic device, so, like an actual credit or debit card, unauthorized use is not easily preventable if the device is not in the customer's physical control.
In an effort to reduce fraud and protect consumers, additional information may be required beyond that provided by a credit or debit card or electronic representation thereof, especially in situations where the purchaser is not physically present at a merchant location, such as when a purchase is completed over the phone or through a web site. Such additional information may include a particular code printed on the card itself (known variously as a card verification value (CVV), card validation code (CVC), or card ID (CID)) or a billing address zip code. Other efforts to reduce fraud include checking the signature on the back of a credit or debit card for a match against a signed sales receipt, using a personal identification code, and requiring a driver's license matching the name on the credit or debit card. Despite these efforts, which complicate the purchasing process and therefore may not be desirable by consumers or merchants, fraudulent use of credit and debit cards is still prevalent and of concern to consumers and merchants everywhere.